On Thu, Nov 20, 2014 at 11:13 AM, Scott Jackson <[email protected]> wrote:
> No, I am using a custom SSLSocketFactory implementation which accepts Self
> Signed Certs:
> https://github.com/daneren2005/Subsonic/blob/master/src/github/daneren2005/dsub/service/ssl/SSLSocketFactory.java
I hope you are not actually using TrustSelfSignedStrategy in
production, because:
public class TrustSelfSignedStrategy implements TrustStrategy {
public boolean isTrusted(final X509Certificate[] chain, final
String authType)
throws CertificateException {
return true;
}
}
This ends up trusting any and all certificates.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups
"Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
